Published: Wednesday, November 6th, 2019
Last Update: Wednesday, November 6th, 2019
Multiple ACOS release families use hardcoded SSH host keys to support SSH management access for ACOS systems. A remote attacker could exploit this vulnerability to conduct man-in-the-middle attacks by leveraging knowledge of these keys from other ACOS installations to decrypt confidential information on ACOS remote, CLI management connections.
An affected A10 system is only exposed to exploitation of this vulnerability if it is configured to use the system’s default, SSH host key; without the SSH host key having been previously regenerated for the system. The following vulnerability items are addressed in this document.
||Non-Unique ACOS SSH Mgmt Host Key
Workarounds and Mitigations
Regenerate the SSH host key on the ACOS system to overcome exposure to this vulnerability. The SSH host key for remote CLI management services can be regenerated by:
- issuing the "sshd key regenerate" the ACOS CLI command
ACOS 3.1.x, 2.8.2, 2.7.2, 2.7.1-GR1, and 2.6.1-GR1 use non-unique SSH host keys, which might allow remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these keys from another installation.
The following table shares brief descriptions for the vulnerabilities addressed in this document.
© Copyright 2019 A10 Networks, Inc. All Rights Reserved.
This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability, non-infringement or fitness for a particular use. Your use of the information in this document or materials linked from this document is at your own risk. A10 Networks, Inc. reserves the right to change or update the information in this document at any time.